header-logo
Suggest Exploit
vendor:
QVT FTP Server
by:
SecurityFocus
7.5
CVSS
HIGH
Denial of Service
119
CWE
Product Name: QVT FTP Server
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

QPC QVT FTP Server Denial of Service Vulnerability

The FTP server that ships with QPC's QVT line of products is vulnerable to a denial of service attack. The FTP server has an unchecked buffer in the logon function. If a username/password pair is specified that is longer than 2000 characters combined, the server will drop the connection with an 'authentication failed' message. The next time someone tries to connect, the server will crash.

Mitigation:

The vendor has released a patch to address this issue.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/796/info

The FTP server that ships with QPC's QVT line of products is vulnerable to a denial of service attack. The FTP server has an unchecked buffer in the logon function. If a username/password pair is specified that is longer than 2000 characters combined, the server will drop the connection with an 'authentication failed' message. The next time someone tries to connect, the server will crash. 

19619-2.exe - binary
19619-1.zip - source 

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/19619-1.zip

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/19619-2.exe

Navigation

Suggest Exploit

Services By CQR